From 2da4a1a6e57b1b04bbc8c372bf97ed4d274aa16e Mon Sep 17 00:00:00 2001 From: Dolly Date: Mon, 18 Oct 2021 18:34:05 +0530 Subject: [PATCH] Fixing issues in PersistentXSSInHTMLTagVulnerability --- .../PersistentXSSInHTMLTagVulnerability.java | 12 ++++-------- src/main/resources/i18n/messages.properties | 1 - src/main/resources/i18n/messages_en_US.properties | 1 - 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/src/main/java/org/sasanlabs/service/vulnerability/xss/persistent/PersistentXSSInHTMLTagVulnerability.java b/src/main/java/org/sasanlabs/service/vulnerability/xss/persistent/PersistentXSSInHTMLTagVulnerability.java index 5cde353b..124dfb4f 100644 --- a/src/main/java/org/sasanlabs/service/vulnerability/xss/persistent/PersistentXSSInHTMLTagVulnerability.java +++ b/src/main/java/org/sasanlabs/service/vulnerability/xss/persistent/PersistentXSSInHTMLTagVulnerability.java @@ -142,7 +142,7 @@ public ResponseEntity getVulnerablePayloadLevel3( @VulnerableAppRequestMapping( value = LevelConstants.LEVEL_4, htmlTemplate = "LEVEL_1/PersistentXSS") - public ResponseEntity getVulnerablePayloadLevel5( + public ResponseEntity getVulnerablePayloadLevel4( @RequestParam Map queryParams) { Function function = (post) -> { @@ -164,7 +164,7 @@ public ResponseEntity getVulnerablePayloadLevel5( @VulnerableAppRequestMapping( value = LevelConstants.LEVEL_5, htmlTemplate = "LEVEL_1/PersistentXSS") - public ResponseEntity getVulnerablePayloadLevel6( + public ResponseEntity getVulnerablePayloadLevel5( @RequestParam Map queryParams) { Function function = (post) -> { @@ -187,7 +187,7 @@ public ResponseEntity getVulnerablePayloadLevel6( @VulnerableAppRequestMapping( value = LevelConstants.LEVEL_6, htmlTemplate = "LEVEL_1/PersistentXSS") - public ResponseEntity getVulnerablePayloadLevel7( + public ResponseEntity getVulnerablePayloadLevel6( @RequestParam Map queryParams) { Function function = (post) -> { 
@@ -205,15 +205,11 @@ public ResponseEntity getVulnerablePayloadLevel7( } // as we are adding to div tag so we can leverage the Html Escape for taking care of XSS. - @AttackVector( - vulnerabilityExposed = VulnerabilityType.PERSISTENT_XSS, - description = - "PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_AFTER_HTML_ESCAPING") @VulnerableAppRequestMapping( value = LevelConstants.LEVEL_7, htmlTemplate = "LEVEL_1/PersistentXSS", variant = Variant.SECURE) - public ResponseEntity getVulnerablePayloadLevel8( + public ResponseEntity getVulnerablePayloadLevel7( @RequestParam Map queryParams) { return new ResponseEntity( this.getCommentsPayload( diff --git a/src/main/resources/i18n/messages.properties b/src/main/resources/i18n/messages.properties index 01a11830..04d449de 100755 --- a/src/main/resources/i18n/messages.properties +++ b/src/main/resources/i18n/messages.properties @@ -28,7 +28,6 @@ otherwise benign and trusted websites. XSS attacks occur when an attacker uses a PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG=\"comment\" query param's value is directly added to \"div\" tag. PERSISTENT_XSS_HTML_TAG_URL_PARAM_DIRECTLY_INJECTED_IN_DIV_TAG_REPLACING_IMG_AND_INPUT_TAG=\"comment\" query param's value is directly added to \"div\" tag after replacing "
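Review bot: The one-line comment above the `Variant.SECURE` mapping for `LevelConstants.LEVEL_7` is now the only explanation of why this level is safe, because the `@AttackVector` description is removed, and it does not say what that safety depends on. I would make the comment state the condition explicitly, for example `// Secure: the comment is HTML-escaped and rendered only as the div's element content; this escaping is not sufficient for attribute, script or URL contexts.` That keeps a later template change, such as moving the value into an attribute, from silently invalidating the "secure" label. The body of `getVulnerablePayloadLevel7` continues outside the hunk, so the escaping function passed to `getCommentsPayload` is not visible here and should be confirmed to match the comment.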